Press Releases

Petya - A Global Threat

27 June 2017

What happened?

On 27 June 2017, Microsoft found reports of a ransomware infection spreading across Europe. The first infection started in Ukraine, where more than 12,500 machines encountered the threat. The ransomware subsequently went on to spread to 64 other countries, including Belgium, Brazil, Germany, Russia, and the United States.

What is Petya & How does it Spread?

Petya is a family of encrypting ransomware, first discovered in 2006. The malware targets Microsoft Windows-based systems, infecting the master boot record to execute a payload that ultimately encrypts the files on these systems. The ransomware then demands a payment in Bitcoin from the victims to regain access to their files.

One of the primary vectors for the Petya infection was MeDoc, a financial software firm based in Ukraine. The software's update feature was compromised, and the attackers used it to distribute Petya. Once a single machine is infected, Petya spreads peer-to-peer to other Windows-based endpoints and servers that are vulnerable to MS17-010. It can also spread via PsExec to admin shares, even on patched machines.

Experts believe that this new variant of Petya, better known as Petwrap / NotPetya / Pentya 2017, is a wiper disguised as ransomware. Based on the meager payout of $10,000 collected so far, it seems that the attackers’ goals were not monetary. This raises a further concern: was the attackers’ aim to cause targeted harm to Ukraine as a country?

WannaCry 2.0? – Not Quite.

Like a worm, Petya infects networks by moving from computer to computer. The ransomware accomplishes this with the help of a hacking tool known as EternalBlue, which takes advantage of vulnerabilities in Microsoft Windows. This seems similar to WannaCry, the major ransomware attack that came shortly before Petya. However, Petya has a few new and alarming characteristics:

Main mode of infection through company networks rather than via the Internet

Recommendations

With such vast differences from WannaCry, Petya requires its own careful consideration when formulating an appropriate defense strategy. Petya has the potential to deal massive damage, as is evident from the huge impact on critical infrastructure in Ukraine. Such a rapid spread of infections can disrupt daily business and personal activities. Defending yourself is crucial. Perform these actions to limit the chances of infection:

Apply Windows update MS17-010

Disable the outdated protocol SMBv1

Limit the privileges of local ‘administrators’

Make backups and verify that files can be restored
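
As an added example (not part of the original release and not Quantiq's or Microsoft's own tooling), the following read-only PowerShell audit checks two of the recommendations above: whether SMBv1 is still enabled and who holds local administrator rights. It assumes Windows 8 / Server 2012 or later with PowerShell 5.1 and an elevated prompt; the function name Test-PetyaHardening is hypothetical. Patch status for MS17-010 is not checked because the matching update number differs per Windows version.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit, changes nothing on the host.
# Test-PetyaHardening is a hypothetical name, not a built-in cmdlet.

function Test-PetyaHardening {
    [CmdletBinding()]
    param()

    # SMBv1 in the SMB server (file sharing) configuration.
    $smbServer = Get-SmbServerConfiguration

    # SMBv1 as an installed Windows feature; may be absent on newer builds.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
        -ErrorAction SilentlyContinue
    $featureState = if ($feature) { [string]$feature.State } else { 'NotPresent' }

    # Local Administrators, resolved by well-known SID so the check works
    # regardless of the display language of the group name.
    try {
        $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
            Select-Object Name, ObjectClass, PrincipalSource
    } catch {
        Write-Warning "Could not enumerate local Administrators: $_"
        $admins = @()
    }

    # Domain accounts and groups with local admin rights are what allow
    # lateral movement over admin shares even on patched machines.
    $domainAdmins = @($admins | Where-Object { $_.PrincipalSource -eq 'ActiveDirectory' })

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        Smb1ServerEnabled   = [bool]$smbServer.EnableSMB1Protocol
        Smb1FeatureState    = $featureState
        LocalAdministrators = $admins
        DomainPrincipals    = $domainAdmins.Count
        NeedsAttention      = [bool]$smbServer.EnableSMB1Protocol -or
                              ($featureState -eq 'Enabled') -or
                              ($domainAdmins.Count -gt 0)
    }
}

# Remediation (run deliberately, after testing for legacy SMBv1 dependencies):
#   Set-SmbServerConfiguration -EnableSMB1Protocol $false
#   Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Test-PetyaHardening | Format-List
```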

Doing your part to defend yourself against Petya is essential. However, can you defend yourself against the future cyber threats that are sure to come?
Don’t do it alone. With Quantiq, we protect your organization with our versatile range of solutions:

Quantiq International Pte Ltd

Established in Singapore in April 2001, Quantiq International has since become a leading brand in the Security Space in ASEAN. From a niche solution distributor and provider of Information Security - with exclusive distributorships for several top security vendors - Quantiq International has now evolved into a Regional Security Architect.